CVE-2007-6609

CoolPlayer 217 - Stack-Based Buffer Overflow via OGG Vorbis Tag Parsing

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6609. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary This exploit leverages a buffer overflow in CoolPlayer by crafting a malicious OGG file with an oversized Vorbis comment tag. The provided command generates a malformed OGG file that triggers the vulnerability when opened, potentially leading to arbitrary code execution.

Description

Multiple stack-based buffer overflows in the CPLI_ReadTag_OGG function in CPI_PlaylistItem.c in CoolPlayer 217 and earlier allow user-assisted remote attackers to execute arbitrary code via a long (1) cTag or (2) cValue field in an OGG Vorbis file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Luigi Auriemma · textdoslinux

https://www.exploit-db.com/exploits/30956

View Code ZIP pw:eip

This exploit leverages a buffer overflow in CoolPlayer by crafting a malicious OGG file with an oversized Vorbis comment tag. The provided command generates a malformed OGG file that triggers the vulnerability when opened, potentially leading to arbitrary code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: CoolPlayer 217

No auth needed

Prerequisites: vorbiscomment tool · input OGG file

MITRE ATT&CK